340 likes | 461 Views
Bandwidth management and optimisation: The role and development of a supportive policy environment. Martin Belcher [mbelcher@inasp.info]. Session objectives. Review the role of policy in bandwidth management and optimisation Identify characteristics of effective policy Examine sample policies
E N D
Bandwidth management and optimisation:The role and development of a supportive policy environment Martin Belcher [mbelcher@inasp.info]
Session objectives • Review the role of policy in bandwidth management and optimisation • Identify characteristics of effective policy • Examine sample policies • Review the characteristics and requirements of successful policy development • Examine a relevant case study • Encourage you all to prioritise the development or review of appropriate policy environments within your workplaces
The bandwidth challenge • Available bandwidth is limited and insufficient to meet demand • Existing capacity is usually running at maximum capacity • As a result it is often unusable • Universal flat lining during working hours • The cost of bandwidth is extremely high • Expanding bandwidth capacity is limited due to finances, supply, technology • Bandwidth is often poorly/not managed effectively
Bandwidth as a public good • Public good = • any good that the members of a community benefit from, irrespective of whether they have contributed to it, and which they can consume in arbitrary amounts – that is, as much or as little as they wish to • Public goods are invariably subject to abuse by “free riders” who over consume them at the expense of the community • Analysis shows that a rational self-interested individual will choose to be a free rider in the absence of mechanisms to regulate access to a public good: hence the importance of developing such mechanisms, whether they be technical or policy-based
But… • Public goods problems can be managed in a number of ways: • by rationing the good • by converting it from a public good into a private good • by coercing appropriate behaviour • by educating consumers • by fostering community spirit • A small group of abusers to wreck the availability of 'the good' (or bandwidth) for the group at large. • It is almost always the case that a small minority of (ab)users account for most of the consumption of an over consumed public good • Thus, 5-10% of users create 50-60% of the problems
The importance of policy • Bandwidth management and optimisation are often seen as technical issues only • But… • Policy is an essential component of any bandwidth management strategy • Without it, technical solutions will be difficult to implement and much less effective • Policies are essential, in that they provide the framework for defining how a network is to be used and detail how technical solutions should be implemented
The role of policy • The most essential steps to any effective BMO are: • Knowing what happens on your network = monitoring • Having appropriate policies that govern the use of your network = policy • Both need to be flexible and changed over time and feed into each other • BMO is not simply a technical issues, technicians cannot solve it on their own • Policy alone is no use either • Policy makers should demand and receive detailed traffic monitoring reports and information • Technical staff should demand and expect appropriate policy within which they can operate • Once policy and monitoring are established, then other approaches can be adopted • They are likely to fail or under achieve without appropriate policy and monitoring
Characteristics of good policy These are essential
Policy has an enabling purpose • Policy is not just a set of arbitrary restrictions about how a network may or may not be used • It is a set of restrictions with a purpose: in particular, its central purpose is to make things possible • It encourages and enables users, it is not just a list of do’s and don’ts • It enables some things but limiting others • By enacting policy, we limit the ability of the minority abusing the network to infringe on the majority who need to use the network • 90% of our users will benefit (and support) good policy
Characteristics checklist 1 • Good policy is… • Linked to a wider objective • Has clear ownership • Is it the “right” ownership to ensure support and buy in? • It should not be the IT department • It should generally be the highest authority in the institution that there is • Is clear and short
Characteristics checklist 2 • Good policy… • Arises from a process • Processes are what secure buy-in and a sense of ownership • Works within the confines of a defined authority • Is enforced • Is adaptable and reviewed
Example policy elements and their role in bandwidth management and optimisation
Warning • These are not all necessarily recommended elements and approaches • Presented just as ideas and suggestions • Adoption should only be considered on a case by case basis, if it matches your needs
UNAM • “Electronic communications facilities (such as e-mail) are for company related activities only.” • Could be used as the basis to block Web sites or protocols that are not deemed within the core “business” of the organisation • Monitoring of traffic might show • certain entertainment Web sites being high users if bandwidth, these could then be blocked using a proxy cache • MP3 traffic could be blocked using your firewall and only opened to users who could demonstrate a “business” need for such information • The emphasis could then be on the blocked user to demonstrate the “business” need of the activity in question
University of Bristol • “The following will also be treated as contravening these regulations: (a) any action that would impair the function or security of the University's computer network;” • Could be used as the basis to take appropriate action against anyone who attempts to work around any BMO technologies you put in place • E.g. someone trying to disguise traffic through your firewall • Someone not using your proxy cache server (although if well implemented then that should not be possible)
University of KwaZulu-Natal • “scanning all incoming message and file downloads for malicious codes such as viruses or Trojan Horses” • This would allow you to configure your mail server to reject infected email messages without the need to inform users • A security issue • No need to accept complaints that users are having their emails rejected
UCT • “the University reserves the right to restrict or otherwise control the use of any of the internet protocols (This right to restrict may include the right to set a limit on individual usage by volume for undergraduate students, postgraduate students and staff)” • Allows for the implementation of user quota system • Restrict users (individuals or groups) to set volumes and that these volumes could differ between users or groups
University of Natal • “Violations of this policy will be handled in accordance with procedures established in the Conditions of Service or the Rules for Student Discipline.” • Regular abusers of any rules or regulations can be reported by the ICT department to the appropriate authorities to take further action • Or they can be contacted directly with the warning that the appropriate disciplinary procedures will be started if their behaviour does not change
But things need to be two way • “UCT reserves the right to interrogate electronic records held by UCT, but this right will not be exercised without the written permission of the Vice-Chancellor” • You can monitor users Web traffic and act on any patterns that you deem appropriate • But, this will not be done just at the discretion of the system administrator
The policy development process: creating the policy This is critical!
Process requirements 1 • Understand your policy environment • Understand your institution’s requirements for policy formulation and follow them • Review existing policy • Understand the wider legal environment • Document the problem you’re trying to solve and why policy is necessary to solve it • What are the alternatives and their limitations?
Process requirements 2 • Document what has already been done to manage the bandwidth problem • People are much more likely to be sympathetic if they believe that policy is only one element in managing the overall problem • Benchmark what others are doing (what are your competitors doing?) • Document the usage pattern • Identify who’s on your side and who is not (don’t forget the students)
Process requirements 3 • Identify the policy development team • Not just the IT department • Should include powerful figures who carry weight in the organisation • Consult your user community/roadshow your ideas • Write the draft • Link the policy to institutional objectives • Enumerate the consultation that has happened • Document the consensus
Process requirements 4 • Navigate the approval process • Beware of red herrings: the mythology of academic freedom • Plan for early wins • Make sure that the IT department is technically capable of doing whatever the policy will require • Enforcement is not the sole responsibility of IT • It must be supported by other processes and organisational structures
Process requirements 5 • Enforce the policy • Review the policy
Common policy problems • Policy that is not backed by monitoring • Policy that is unduly complex, or couched in legalistic language • Policy that doesn't fit your environment, because it has been cut and pasted from somewhere else • Policy that is not enforced, because of a lack of political will • Unofficial policy
Characteristics • Bandwidth usage guidelines (policy) • Social engineering and changing user behaviour • Human intervention and communication with users in breach of policy • On the first day of enforcement, they dropped their Internet usage from 120 Mbps to 90 Mbps • Typical user responses: • "I don't understand--what's bandwidth?? How do I reduce it? What am I doing wrong? What's going on?!" and "I have no idea what bandwidth is or how one goes about using it too much." • By the summer of that year, they had sent 489 initial inquiry messages and 102 warnings. Revoked network access to 29 hosts and exempted 27. Over 39 machines were found to be compromised • Cut their bandwidth usage considerably
Online case study • See: • http://www.net.cmu.edu/pres/jt0803/
Conclusion • All bandwidth management and optimisation must have a supportive policy • The policy development process is critical • Successful policies have common characteristics • Policy, monitoring and technical solutions go hand in hand • User behaviour change is the key to effective BMO